Question 41. What is NOT a phase of the Risk Management Framework? (A) Assess Security Controls (B) Categorize Information System (C) Implement Security Controls (D) Maintain Security Controls
Correct Answer: (D) Maintain Security Controls
Question 42. Who is directly responsible for supporting the System Authorization process during system development? (A) Information Security Architect (B) Authorizing Official (C) Information Systems Security Engineer (D) Risk Executive
Correct Answer: (A) Information Security Architect
Question 43. Ultimately, the responsibility for assurance that risks from the use of external service providers have been adequately mitigated remains with whom? (A) Information System Owner (B) Authorizing Officials (C) Risk Management Executive (D) Security Control Assessor
Correct Answer: (B) Authorizing Officials
Rationale: NIST SP 800-37 states that the responsibility for adequately mitigating unacceptable risks arising from the use of external information system services remains with the authorizing official; the system owner and assessor support that decision but do not own the residual risk.
Question 44. To mitigate risk from the supply chain, a comprehensive information security strategy should be considered that employs a strategic, organization-wide defense-in-breadth approach. Which of the following is suggested in NIST SP 800-39 to assist in accomplishing this objective? (A) Know the provenance of the information technology products and services provided by vendors and suppliers (B) Maximize the time distance between decisions to purchase information products and services and the time of delivery to ensure the product testing can be completed (C) Use a single vendor's products to reduce the chance of misconfiguration and additional training costs (D) Use information technology products provided by the lowest priced vendors to allow for the purchase of additional controls and provide better overall coverage
Correct Answer: (A) Know the provenance of the information technology products and services provided by vendors and suppliers
Rationale: NIST SP 800-39 recommends knowing the provenance of products and services, using trusted and diverse suppliers, and minimizing the time between purchase decision and delivery. Relying on a single vendor or selecting on lowest price alone increases supply chain risk rather than reducing it.
Question 45. Which of the following is NOT a consideration for tailoring controls? (A) Organization's mission (B) Total funding available for controls (C) Business functions (D) Characteristics of the information system and the operating environment
Correct Answer: (B) Total funding available for controls